CLAIMS:

1. A method of providing conditional access to an encrypted data stream with a
stream receiving device (12), the method comprising

- including encrypted content data, the decryption of which requires temporally changing 
control words (CW), in the data stream; 

- including first decryption control messages (ECM's) in the data stream, each first decryption
control message (ECM) containing at least one of the control words that is required for 
decrypting content data that is substantially contemporaneous with the first decryption 
control message (ECM) in the stream; 

- including second decryption control messages (EMM's) which contain management
information for entitling selected stream receiving devices to decrypt content data from the
data stream using control words from the first decryption control messages (ECM's),

- including further management information in at least part of the first decryption messages 
(ECM's); 

- extracting a control word from a first decryption message (ECM) from the stream in a
stream receiving device (12),

- together with said extracting, testing whether the first decryption message (ECM) contains
further management information targeted at the stream receiving device (12), 

- indefinitely disabling subsequent decryption of at least part of the stream in the stream 
receiving device (12) upon said detection. 

2. A method according to Claim 1, wherein the stream receiving device (12)
contains identification information that individually identifies the stream receiving device
(12), said first decryption message (ECM) containing further identification information, said
testing comprising comparing the identification information and the further identification
information.



3. A method according to Claim 1, wherein the first encryption message (ECM)
contains information that specifies a condition upon entitlement data, said testing comprising
searching for entitlement data stored in said stream receiving device (12) to detect whether
any of the searched entitlement data meets said condition, and performing the disabling if
such entitlement data is found.



4. A method of generating an encrypted data stream, the method comprising

- including encrypted content data, the decryption of which requires temporally changing
control words, in the data stream;

- including first decryption control messages (ECM's), which contain the control words, in
the data stream;

- including second decryption control messages (EMM's) which contain management
information for entitling selected stream receiving devices to decrypt content data from the
data stream using control words from the first decryption control messages (ECM),

- including further management information in at least part of the first decryption messages
(ECM's), the further management information being arranged to target selected stream
receiving devices (12) to indefinitely disable subsequent decryption of at least part of the
stream in the stream receiving device (12).

5. A method according to Claim 4, wherein the further management information 
targets the selected stream receiving devices (12) with identification information 
corresponding to individual identification information of selected stream receiving devices. 


6. A method according to Claim 4, wherein the further management information 
targets the selected stream receiving devices (12) with information that specifies a condition 
upon a content of entitlement data in said stream receiving devices. 



7. A stream receiving device (12) for providing conditional access to an
encrypted data stream, wherein the data stream comprises encrypted content data, the
decryption of which requires temporally changing control words, the data stream further
comprising first decryption control messages (ECM's), which each contain a control word,
substantially contemporaneously with the content data that can be decrypted with that control
word, and second decryption control messages (EMM's) which contain management
information for entitling the stream receiving device to decrypt content data from the data
stream using control words from the first decryption control messages (ECM's), the stream
receiving device comprising a circuit (124) arranged

- to extract a control word from a first decryption message from the stream, and
- together with said extracting, to test whether the first encryption messages (ECM's) contain
further management information targeted at the stream receiving device (12), the stream
receiving device (12) indefinitely disabling subsequent decryption of at least part of the
stream upon said detection.

8. A stream receiving device according to Claim 7, wherein said testing whether
the further management information is targeted at the stream receiving device comprises 
comparing identification information from the further management information with an 
identification of the stream receiving device. 


9. A stream receiving device according to Claim 7, wherein said testing whether 
the further management information is targeted at the stream receiving device comprises 
searching for entitlement data stored in said stream receiving device (12) that meets a 
condition specified in the further management information. 


10. A smart card for use in a stream receiving device according to Claim 7, the 
smart card comprising a processor (124) and an entitlement memory (126), the processor 
(124) being programmed to 

- extract a control word from a first decryption control message (ECM) from the stream and
to supply the control word for use in decrypting content data;

- update the entitlement memory using information from a second decryption control 
message (EMM); 

- together with said extracting, test whether the first encryption messages (ECM's) contain 
further management information targeted at the stream receiving device, and 

- indefinitely disable subsequent supply of control words of at least part of the stream upon
said detection. 

11. A stream generating device for generating an encrypted data stream, the 
stream generating device comprising 

- a source of content data, comprising an encryption unit for encrypting the content data so
that temporally changing control words are required; 

- a source of first decryption control messages, that generates first control word messages in 
the stream containing control words for decrypting the content data; 



WO 2005/048603, PCT/IB2004/052300

- a source of access management information, that generates first control word messages in 
the stream containing management information for entitling selected stream receiving devices 
to decrypt content data, the source of access management information being coupled to the 
source of first decryption control messages, the source of first decryption control messages 
being arranged to include further management information in at least part of the first
decryption messages, the further management information being arranged to target selected
stream receiving devices to indefinitely disable subsequent decryption of at least part of the 
stream in the stream receiving device. 
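
The receiver-side behaviour of claims 1 to 3 and 10, as an added Python model that is not code from the patent: the card tests each ECM for targeting (by device id, or by a condition on stored entitlement data) together with extracting the control word, and a hit latches a disable flag. The record layout, the `(field, op, value)` condition encoding, the sample ids and dates, and all class and function names are assumptions; ECM/EMM encryption and authentication are left out.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class ECM:
    channel: str
    control_word: bytes
    target_id: Optional[int] = None                   # claim 2: individual device id
    condition: Optional[Tuple[str, str, int]] = None  # claim 3: (field, "eq"|"gt", value)

class SmartCard:
    def __init__(self, card_id: int):
        self.card_id = card_id
        self.entitlements = []   # entitlement memory (126), modelled as a list of dicts
        self.disabled = False    # assumed non-volatile; nothing in this model clears it

    def process_emm(self, entitlement: dict) -> None:
        self.entitlements.append(entitlement)   # EMM path: update entitlement memory

    def _targeted(self, ecm: ECM) -> bool:
        if ecm.target_id is not None and ecm.target_id == self.card_id:
            return True
        if ecm.condition is not None:
            name, op, value = ecm.condition
            for ent in self.entitlements:        # search stored entitlement data
                have = ent.get(name)
                if have is not None and (have == value if op == "eq" else have > value):
                    return True
        return False

    def process_ecm(self, ecm: ECM) -> Optional[bytes]:
        """Test targeting together with extraction; return the control word or None."""
        if self.disabled or self._targeted(ecm):
            self.disabled = True                 # indefinite: later ECMs yield nothing
            return None
        if not any(e.get("channel") == ecm.channel for e in self.entitlements):
            return None                          # not entitled to this channel
        return ecm.control_word

def run_demo():
    good, clone = SmartCard(1001), SmartCard(2002)   # constructed device ids
    for card in (good, clone):
        card.process_emm({"channel": "sports", "expires": 20251231})
    clone.process_emm({"channel": "movies", "expires": 20991231})  # constructed bogus record
    cond = ("expires", "gt", 20301231)               # constructed disable condition
    stream = [ECM("sports", b"\x01" * 8), ECM("sports", b"\x02" * 8, condition=cond),
              ECM("sports", b"\x03" * 8)]
    return [(good.process_ecm(e), clone.process_ecm(e)) for e in stream]
```

`run_demo()` returns one `(good, clone)` pair per ECM: the card holding the out-of-range entitlement stops receiving control words from the second ECM onward, while the other card is unaffected.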



